SSL - basic configuration
For basic configuration single command from CLI can be used:
$ onteoncli ssl init-configuration
initialized: true
This will enable SSL configuration with default settings:
- One-Way SSL configuration for API, Edge Balancer, Inner Balancer, Internal
- Size for all private keys set to 4096
- Validity time for root CAs set to 730 days
- Rotation time for root CAs set to 365 days
- Validity time for intermediate CAs set to 180 days
- Rotation time for intermediate CAs set to 90 days
- Validity time for server and client CAs set to 60 days
- Rotation time for server and client CAs set to 30 days
- All certificates will used default names for CN record in certificates and nothing more will be set (important in case of hostname verification)
- Communication to applications running on different node will be done with proxy (Inner Balancer)
- Communication to applications running on same node will be done directly with or without SSL (depends on what protocol application exposes)
Command can be configured as described here